recommended reading

The Next U.S. Weapon at Sea Could Be Music

argus/Shutterstock.com

The next Cuban missile crisis could be resolved through the power of music rather than an armed standoff between nuclear powers, military officials and researchers speculate.

It is believed that sound waves can "jump the air gap” -- or hack a machine that is not on a network -- to paralyze a ship's control systems. Instead of using a blockade or firing Tomahawk missiles to prevent Russia from delivering weapons to Cuba, the United States could use malicious tones. 

"This is where you talk about fleets coming to a stop. Our ships are floating SCADA systems," retired Capt. Mark Hagerott, deputy director of cybersecurity for the U.S. Naval Academy, said at a summit in Washington organized by Government Executive Media Group. He was referring to supervisory control and data acquisition systems that control industrial operations. "That would disrupt the world balance of power if you could begin to jump the air gap," Hagerott said. 

It’s conceivable sound waves can be transformed into malicious electrical signals. An air disruption causes the diaphragm of a speaker to create an electrical signal made up of ones and zeros. Targeted ones and zeros can override a computer-driven ship. 

Taking down a SCADA system "gives you a nonlethal warfare capacity at sea," Peter Singer, a Brookings Institution national security analyst, said in an interview after speaking at the Defense One Summit. A president could say, for example: “Don't let this enemy fleet seize these island chains but also don't let it turn into a shooting war.” It would warn the adversary that if it crosses a certain boundary, the United States will flip the switch. "Now their ship is floating but you haven't killed anyone," Singer said. 

Even the Stuxnet virus, an alleged U.S.-Israel creation that breached an air-gapped Iranian nuclear production system, required more proximity. Someone inserted an infected jump drive that made the nuclear centrifuges go haywire. 

Onboard, "you think you are secure. You didn't put a flash drive in. There's no wires,” Hagerott said.

This story has been updated to include more specific details.

(Image via argus/Shutterstock.com)

Threatwatch Alert

Network intrusion / Stolen credentials

85M User Accounts Compromised from Video-sharing Site Dailymotion

See threatwatch report

JOIN THE DISCUSSION

Close [ x ] More from Nextgov
 
 

Thank you for subscribing to newsletters from Nextgov.com.
We think these reports might interest you:

  • Data-Centric Security vs. Database-Level Security

    Database-level encryption had its origins in the 1990s and early 2000s in response to very basic risks which largely revolved around the theft of servers, backup tapes and other physical-layer assets. As noted in Verizon’s 2014, Data Breach Investigations Report (DBIR)1, threats today are far more advanced and dangerous.

    Download
  • Featured Content from RSA Conference: Dissed by NIST

    Learn more about the latest draft of the U.S. National Institute of Standards and Technology guidance document on authentication and lifecycle management.

    Download
  • PIV- I And Multifactor Authentication: The Best Defense for Federal Government Contractors

    This white paper explores NIST SP 800-171 and why compliance is critical to federal government contractors, especially those that work with the Department of Defense, as well as how leveraging PIV-I credentialing with multifactor authentication can be used as a defense against cyberattacks

    Download
  • Toward A More Innovative Government

    This research study aims to understand how state and local leaders regard their agency’s innovation efforts and what they are doing to overcome the challenges they face in successfully implementing these efforts.

    Download
  • From Volume to Value: UK’s NHS Digital Provides U.S. Healthcare Agencies A Roadmap For Value-Based Payment Models

    The U.S. healthcare industry is rapidly moving away from traditional fee-for-service models and towards value-based purchasing that reimburses physicians for quality of care in place of frequency of care.

    Download
  • GBC Flash Poll: Is Your Agency Safe?

    Federal leaders weigh in on the state of information security

    Download

When you download a report, your information may be shared with the underwriters of that document.